Cyber crime in travel – no longer just about the money

ThreatMetrix recently analysed more than a billion web transactions taking place in the travel and entertainment industries.

The company’s “deep dive” into the pair makes for sobering reading, not least as the digital proliferation of the tourism sector shows no sign of slowing – in fact, with restaurants and attractions coming on stream – almost in another wave of travel-related digital activity – there is scope for further cybercrime issues to grow and evolve.

ThreatMetrix says the recent run of data breaches in the travel industry, in particular, shows there is still an educating required to understand of “how stolen identities are used in order to differentiate between fraudulent and authentic activity”.

“Cybercriminals attempt to use stolen identities for activity such as credit card fraud, phishing and online transactions – and often sell stolen identities to underground crime rings.

“Shared global intelligence acts as a kind of personal digital guardian that works to keep consumers’ identities protected against getting burned by fraudsters, both in the busy summer months and year round.”

So why the latest cause for concern?

ThreatMetric analysed a range of areas and disciplines where cyber crime can intersect with billions of transactions.

Attack vectors:

The report says:

“Device spoofing is the biggest attack vector in this space driven by fraudsters trying to delete and change browser settings in order to change their device identity or fingerprint, or attempt to appear to come from a victim’s device.

“With over six billion user identities compromised since 2013, spoofing or impersonation attacks are growing across the globe. Identity spoofing continues to be the biggest attack vector in regions where organized identity verification tools are not as prevalent.”

Platforms:

Handheld devices are considered more secure than desktops, ThreatMetrix says, but apps make the mobile or tablet more vulnerable.

Cyber criminals are beginning to create fraudulent apps that look authentic to the everyday consumer.

These then contain malware and, of course, give the fraudsters access to a consumer’s personal details.

Influencing reviews:

Both fraudsters and “dishonest establishments” have realised that there is an opportunity (and money to made) for gaming the reviewing systems that have become an intrinsic part of the online travel experience.

ThreatMetrix reckons that an operating with a single device can write 150 reviews in an hour on different sites using the same email address, whereas another method is to use a bot so that one device can produce ten reviews in an hour but from multiple email addresses.

Loyalty:

A new area of focus for cyber criminals is around access to loyalty programmes and membership schemes.

This is because they often have a high monetary or resale value attached to them, especially with airline and hotel point schemes.

One particular tactic is to access the account, transfer the loyalty points and make mileage transactions or book trips.